ZkLend, a decentralized lending protocol on Starknet, has confirmed an exploit on its platform and urged the attacker to return stolen funds.
Whereas the platform has not disclosed the precise quantity taken, blockchain safety agency Cyvers estimates the loss at roughly $9.5 million.
Bounty provide
In a Feb. 12 submit on X, the lending protocol acknowledged:
“We perceive that you’re answerable for as we speak’s assault on zkLend. You might preserve 10% of the funds as a whitehat bounty, and ship again the remaining 90%, or 3,300 ETH to be actual, to this Ethereum tackle: 0xCf31e1b97790afD681723fA1398c5eAd9f69B98C.”
The platform assured the attacker that no authorized motion could be taken if the property had been returned earlier than the deadline of 00:00 UTC on Feb. 14, 2025. Nevertheless, ZkLend intends to pursue authorized measures and observe the stolen property if the hacker refuses to take action.
The protocol emphasised the legitimacy of its request, stating that the message was despatched from its Ethereum ZEND token deployer account. It additionally urged the general public to confirm the knowledge via its official X account.
In response to the breach, ZkLend has suspended withdrawals and suggested customers to not deposit funds or repay loans till additional discover.
The staff is actively investigating the exploit in collaboration with blockchain safety consultants and legislation enforcement companies. As soon as the investigation concludes, a complete report detailing the incident and safety measures can be revealed.
In the meantime, Cyvers reported that the stolen ETH was bridged to Ethereum and moved via Railgun, a privacy-focused transaction service. Nevertheless, resulting from Railgun’s inner insurance policies, the funds had been redirected to their authentic tackle.
Over $100 million stolen this 12 months
This assault on ZkLend provides to the rising listing of safety breaches within the crypto sector.
Knowledge from DeFiLlama signifies that cybercriminals have stolen over $100 million from blockchain initiatives in early 2025. This follows a staggering $2.2 billion loss throughout 303 incidents recorded in 2024.
As hacking threats persist, market observers warn that the trade might face one other 12 months of heavy monetary losses.
